What governance frameworks and legal/regulatory frameworks are listed under Trust & Compliance?

Frameworks listed include the EU AI Act, GDPR, California CCPA/CPRA, US Federal advertising rules (FTC), Copyright/DMCA, and CAN‑SPAM.

What company policies are mentioned in the Trust & Compliance profile?

Policies listed include Terms of Service, Privacy Policy, and a Data Processing Addendum (DPA).

Which audits and certifications does the research state the company has?

The research states audits include SOC 2 Type II and ISO 27001.

What encryption and authentication measures are stated?

The research states encryption in transit is used, account credentials are user ID and password, and SSO (SAML/OIDC) is available for enterprise/provisioning on request.

What is said about data retention?

Personal information is retained only as long as reasonably necessary to fulfill the purposes described in the Privacy Policy, and retention periods vary by information type and legal obligations.

What languages and regions are listed under Localization?

Localization lists English as the language and Canada and the United States as regions.

How does the research describe Searcle’s role under GDPR for site-collected and customer data?

The research states Searcle describes lawful bases and data subject rights under GDPR and that it acts as a controller for site-collected data and as a processor for customer data, per the searcle.ai privacy policy.

What is said about CCPA/CPRA relevance?

The research states California consumer privacy obligations (rights to know, delete, opt-out/limit use of sensitive personal information) are relevant given Searcle’s US/Canada hosting and B2B marketing operations.

What anti-spam obligations are mentioned?

CAN‑SPAM and other anti-spam/email marketing laws are mentioned as required compliance for commercial marketing emails, including accurate headers, opt-out mechanisms, and a valid contact address.

What does the research say about COPPA and youth privacy?

The research notes COPPA and children’s online privacy rules apply if any product/features collect data about children under 13, and Searcle states Services are not intended for individuals under applicable youth ages.

What truth‑in‑advertising considerations are highlighted?

The research highlights that FTC truth-in-advertising and endorsement rules require marketing claims, testimonials, and case studies to be truthful, substantiated, and to disclose material connections, with new FTC rules on fake reviews/testimonials relevant for AI-generated content.

What third‑party platform policy considerations are listed?

The research notes that content generated for or via large AI platforms must follow those platforms’ usage and content policies (OpenAI, Google, Anthropic, Microsoft, etc.), and related restrictions such as privacy, prohibited content, and disclosure.

What legal disclaimers and limitations are described in the terms?

The research indicates the terms disclaim guarantees about rankings/visibility, limit liability, state Services provide recommendations/insights and do not control third-party AI/search outputs, and advise avoiding promises of specific ranking outcomes.

What dispute resolution provisions are indicated in the terms?

The research states the terms include an arbitration provision and a class action waiver.

What does the research say about intellectual property and outputs?

The terms reserve rights in the Service (models, algorithms, methodologies); clients retain rights in their domain/content but outputs/insights may be subject to Searcle IP terms, and ownership/licensing should be clarified in client contracts.

What is said about Data Processing Addenda (DPAs) and controller/processor roles?

The research states a Data Processing Addendum is available where required and that privacy documentation distinguishes controller and processor roles.

What does the research say about security incident and breach readiness?

The research notes the privacy policy documents security measures and notification obligations and advises content teams to avoid embedding sensitive credentials or private customer data in content or client subdomains.

Who owns the content and intellectual property created by Storebox?

Clients retain ownership of content published to their domains, while Storebox/Searcle reserves rights to the underlying service IP (models, methodologies, and platform); ownership and licensing details are clarified in customer contracts.

What security certifications and protections does Storebox have?

Storebox/Searcle maintains SOC 2 Type II and ISO 27001 certifications, uses encryption in transit, and provides enterprise authentication options with SSO available on request.

How does Storebox handle GDPR, CCPA/CPRA and other privacy regulations?

The platform aligns with GDPR and CCPA/CPRA obligations, documents lawful bases and data‑subject rights in its privacy policy, and offers a Data Processing Addendum (DPA) where required.